CVE-2017-18033Cross-Site Request Forgery in Atlassian Jira

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 75.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Jira
Timeline
PublishedJan 18
Latest updateMay 14

Description

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDatlassian/jira< 7.6.1
CVEListV5atlassian/jiraAll versions before 7.6.1

🔴Vulnerability Details

2
GHSA
GHSA-j5pf-67fx-vj74: The Jira-importers-plugin in Atlassian Jira before version 72022-05-14
CVEList
CVE-2017-18033: The Jira-importers-plugin in Atlassian Jira before version 72018-01-18
CVE-2017-18033 — Cross-Site Request Forgery | cvebase